The builder was leaked on X (formerly Twitter) by a developer reportedly disgruntled with the LockBit leadership. This made a previously "exclusive" tool available to anyone with an internet connection. Key Components of the Leak
Excluding specific folders or file extensions from encryption. Setting up "kill-switch" dates. Configuring the ransom note text and contact information. The Impact of the Leak LockBit-Black-Builder.zip
: The core engine used to compile the ransomware and its corresponding decryptor. The builder was leaked on X (formerly Twitter)
: Attackers have used the builder to create specialized versions of ransomware targeting specific industries, such as healthcare or local governments. Security Implications Setting up "kill-switch" dates
: Numerous groups, such as "Bl00dy" and "Buhti," have been observed using modified versions of the LockBit 3.0 code to launch their own campaigns under different names.
The leak of the file in September 2022 marked a significant turning point in the ransomware landscape, effectively "democratizing" high-end cybercrime tools for low-level threat actors. What is the LockBit Black Builder?
: Generates the unique encryption keys required for the attack.